Endpoint Protection

  • 1.  Action taken on risk: Left alone

    Posted May 28, 2014 05:45 AM

    Recently, when scheduled scans detect a risk, the action taken is "left alone". Can anyone advise why this might be happening?

    Below is an example:

    At least one security risk found:

    Risk name: Infostealer.Limitail
    File path: C:\Users\Blanked out\TT PAYMENT COPY. (1) TT.rar>>attachment2.exe
    Event time: 28/05/2014 8:55:54 PM
    Database insert time: 28/05/2014 8:56:55 PM
    Source: Scheduled Scan
    Description: ""
    User: SYSTEM
    Computer: Blanked out
    IP Address: Blanked out
    Domain: Blanked out
    Server: Blanked out
    Client Group: My Company\Blanked out\Desktop & Laptops\Central\
    Action taken on risk: Left alone
    This alarm was generated at 28/05/2014 9:03:14 PM (Reporter host Time).
    This alarm was generated by admin, with the following filters:

    =======================================================================================

    I've checked out scan settings and actions which are:

    First Action: Clean Risk

    If first action fails: Delete Risk

    Yet detections are left alone??

     

    However, if I do a manual scan it quarantines the files as expected.

    | Filename | Risk | Action | Risk Type |
    | --- | --- | --- | --- |
    | attachment2.exe | Infostealer.Limitail | Quarantined | Compressed file; Virus |
    | TT PAYMENT COPY. (1) TT.rar | Infostealer.Limitail | Quarantined | Compressed file; Virus |

    Any ideas?



  • 2.  RE: Action taken on risk: Left alone

    Posted May 28, 2014 05:52 AM

    Best Practices for responding to "Left Alone" in the virus or threat history log

    Article:TECH101661 | Created: 2006-01-13 | Updated: 2013-11-05 | Article URL http://www.symantec.com/docs/TECH101661

    You can scan Threat Analysis

    How to run the Threat Analysis Scan in Symantec Help (SymHelp)

    Article:TECH215519 | Created: 2014-03-03 | Updated: 2014-03-07 | Article URL http://www.symantec.com/docs/TECH215519

    See this thread

    http://www.symantec.com/connect/forums/sep-logs-actual-action-left-alone



  • 3.  RE: Action taken on risk: Left alone

    Posted May 28, 2014 06:18 AM

    Many reasons:

    http://www.symantec.com/docs/TECH101661

    Reboot the machine into safe mode and remove it that way.